(12) Patent Application Publication (10) Pub. No.: US 2016/ A1

Transcription

1 US A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2016/ A1 ZHANG (43) Pub. Date: Sep. 8, 2016 (54) METHOD AND APPARATUS FOR USER Publication Classification IDENTITY AUTHENTICATION (51) Int. Cl. (71) Applicant: ALIBABA GROUP HOLDING H04L 29/06 ( ) LIMITED, George Town (KY) (52) U.S. Cl. CPC... H04L 63/083 ( ); H04L 63/06 (72) Inventor: Jie ZHANG, Hangzhou (CN) ( ) (57) ABSTRACT (21) Appl. No.: 15/057,584 A method for user identity authentication is provided. The method includes receiving an authentication image selected (22) Filed: Mar. 1, 2016 by a user, and acquiring, based on the authentication image, a password to be verified. The method may further include (30) Foreign Application Priority Data acquiring a preset verification password, and comparing the verification password with the password to be verified to Mar. 3, 2015 (CN)... 2O obtain a user identity authentication result. {{} Receiving an Autheatication image Selected by a User S. () Acquiring. Based on the Seiected Authentication image, a Password to Be Verified SO2 Acquiring a Preset Verification Password and Coparing the Preset Verification Password with the Password to Be Verified to Obtain a User identity Authentication Result S 3

2 Patent Application Publication Sep. 8, 2016 Sheet 1 of 5 US 2016/ A1 {}} Receiving an Authentication image Selected by a ser Acqiring, Based on the Selected Autheatication image, a Password to Be Werified Acquiring a Preset Verification. Password and Comparing the Preset Verification Password with the Password to 36 Verified to Obtain a jser icientity Athentication Result S 33 Fig. 1

3 Patent Application Publication Sep. 8, 2016 Sheet 2 of 5 US 2016/ A1 2 {} Fig. 2

4 Patent Application Publication Sep. 8, 2016 Sheet 3 of 5 US 2016/ A1 Generating a Verification Password, and Storing the Verification Password and a Hash Key Used for Generating the verification assword SO When a User is Required to input a Password, Displaying Selectable Authentication images to a User S2 Receiving an Authentication image Selected by the User S2O3 Acquiring a Password to Be verified Based on the Autheatication image Selected by the ser and a Pre S{ Stored Hash. Kcy SiO4. Acquiring a Preset Verification Password and Comparing the Preset Verification Password with the Password to Be Verified to Obtain a User identity Autheatication Result S2O)5 Resetting the Verification Password if User identity Autheatication is Passed S2O6 Fig. 3

5 Patent Application Publication Sep. 8, 2016 Sheet 4 of 5 US 2016/ A1 Receiving Module 40 Acquiring Module 420 Verification Mode 430 Fig. 4

6 Patent Application Publication Sep. 8, 2016 Sheet 5 of 5 US 2016/ A1 initializing Module 540 Second Acquiring Submodule 54 generating Shimodule S4 Second Processing Sibiidaie 54 T Display Module 560 Receiving Module 40 Acquiring Module 42) First Acquiring Submodule 52 Storing Module 55t First Processing Subnodule s Verification yiodie 430 Resetting Module 570 Fig. 5

7 US 2016/ A1 Sep. 8, 2016 METHOD AND APPARATUS FOR USER IDENTITY AUTHENTCATION CROSS-REFERENCE TO RELATED APPLICATION This application is based upon and claims priority to Chinese Patent Application No , filed Mar. 3, 2015, the entire contents of which are incorporated herein by reference. TECHNICAL FIELD 0002 The present application relates to the technical field of network security and, more particularly, to a method and an apparatus for user identity authentication. BACKGROUND 0003 Conventionally, a terminal device performs user identity authentication by users manually inputting character strings, such as numbers and letters However, authentication passwords in the form of numbers and letters may not be memorized conveniently and therefore are often be forgotten by users. Moreover, the operation of inputting these passwords is relatively cumber SO. SUMMARY The present disclosure provides a method for user identity authentication. Consistent with some embodiments, the method includes receiving an authentication image selected by a user, and acquiring, based on the authentication image, a password to be verified. The method may further include acquiring a preset Verification password, and compar ing the verification password with the password to be verified to obtain a user identity authentication result Consistent with some embodiments, this disclosure provides an apparatus for user identity authentication. The apparatus includes a receiving module configured to receive an authentication image selected by a user and an acquiring module configured to acquire, based on the authentication image, a password to be verified. The apparatus may further include a verification module configured to acquire a preset Verification password and compare the verification password with the password to be verified to obtain a user identity authentication result Consistent with some embodiments, this disclosure provides a non-transitory computer-readable storage medium having stored therein instructions. When executed by a pro cessorina device, the instructions cause the device to perform operations including receiving an authentication image selected by a user, acquiring, based on the authentication image, a password to be verified, acquiring a preset Verifica tion password, and comparing the Verification password with the password to be verified to obtain a user identity authenti cation result Additional objects and advantages of the disclosed embodiments will be set forth in part in the following descrip tion, and in part will be apparent from the description, or may be learned by practice of the embodiments. The objects and advantages of the disclosed embodiments may be realized and attained by the elements and combinations set forth in the claims It is to be understood that both the foregoing general description and the following detailed description are exem plary and explanatory only and are not restrictive of the dis closed embodiments, as claimed. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are incorpo rated in and constitute a part of this specification, illustrate embodiments consistent with the invention and, together with the description, serve to explain the principles of the inven tion FIG. 1 is a flowchart of an exemplary method for user identity authentication, consistent with some embodi ments of this disclosure FIG. 2 is a schematic diagram of authentication images displayed to a user, consistent with some embodi ments of this disclosure FIG. 3 is a flowchart of another exemplary method for user identity authentication, consistent with some embodiments of this disclosure FIG. 4 is a block diagram of an exemplary apparatus for user identity authentication, consistent with some embodiments of this disclosure FIG. 5 is a block diagram of another exemplary apparatus for user identity authentication, consistent with Some embodiments of this disclosure. DESCRIPTION OF THE EMBODIMENTS 0016 Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. The following description refers to the accompanying drawings in which the same numbers in different drawings represent the same or similar elements unless otherwise represented. The implementations set forth in the following description of exemplary embodiments do not represent all implementations consistent with the inven tion. Instead, they are merely examples of devices and meth ods consistent with aspects related to the invention as recited in the appended claims. (0017 FIG. 1 is a flowchart of an exemplary method 100 for user identity authentication, consistent with some embodiments of this disclosure. The exemplary method 100 may be performed by a terminal device. Referring to FIG. 1, the method 100 includes the following steps In step S101, the terminal device receives an authen tication image selected by a user. FIG. 2 is a schematic dia gram 200 of authentication images displayed to a user, con sistent with some embodiments of this disclosure. For example, an application program of the terminal device may obtain a plurality of authentication images as selectable images and display them on a display of the terminal device. Subsequently, the user may select, from the displayed authen tication images, the image preset as a password image so as to perform identity authentication In some embodiments, the authentication images may be randomly selected from all of the images stored in the terminal device and may be randomly arranged The image that is presetas a password image may be placed at a random position in authentication images. In some implementations, the password image may be placed at the first page or the first few pages of all authentication images so that a user may conveniently find the password image In step S102, the terminal device acquires, based on the selected authentication image, a password that is to be

8 US 2016/ A1 Sep. 8, 2016 Verified. For example, a password may be acquired by a preset algorithm according to an image selected by a user In some embodiments, the terminal device may acquire a pre-stored hash key and perform hash operation according to the hash key and the selected authentication image to obtain the password In some embodiments, before selecting the authen tication image, the user may preseta verification password in advance. For example, an application program of the terminal device may obtain a plurality of images from a terminal device and display the images to a user in a randomly arranged manner So as to allow the user to select an image as a password image. The terminal device may then generate a random number as a hash key according to the password image, and generate a verification password by the hash key and a preset hash algorithm (e.g., SHA-256 algorithm and the like). The terminal device may then securely store the random number and the Verification password in a secure storage area of the terminal device so that comparative verification may be performed when identity verification is required. For example, the operation of storing the random number and the verification password may be performed after detection by a preset secure detection program. A secure storage area, for example, may be a storage area where restriction or encryp tion of the access authority is implemented During verification of user identity, the terminal device may acquire the pre-stored random number as a hash key, and perform the hash operation according to the hash key and the authentication image selected by a user, thereby obtaining a password to be verified. The hash operation herein may be the same as the hash algorithm used when a verifica tion password is set. In doing so, the password obtained by the same hash key may be the same as the preset verification password when the image selected by a user is the same as the preset password image In step S103, the terminal device acquires a preset Verification password and compares the preset verification password with the password to be verified to obtain a user identity authentication result For example, a preset verification password may be acquired and then compared with a password to be verified. If the password to be verified is consistent with the preset veri fication password, identity authentication may be determined to be successful. Otherwise, identity authentication may be determined to fail In the method 100 described above, a password is generated according to an image selected by a user, and compared with a preset verification password to Verify user identity. The user is required to select, from randomly arranged images, an image used when averification password is set to complete identity authentication, thereby providing simple and convenient operation. Moreover, a password image may be memorized conveniently by the user FIG. 3 is a flowchart of another exemplary method 300 for user identity authentication, consistent with some embodiments of this disclosure. The exemplary method 300 may be performed by a terminal device. Referring to FIG. 3, the method 300 includes the following steps In step S201, the terminal device generates a verifi cation password, and stores the verification password and a hash key used for generating the verification password For example, an application program may obtain a plurality of images from a terminal device and display the images to a user in a randomly arranged manner to allow the user to select one image as a password image. The application program may generate a random number according to the password image, use the random number as a hash key, and generate a verification password by the hash key and a preset hash algorithm (e.g., SHA-256 algorithm and the like). Sub sequently, the application program may securely store the random number and the generated verification password in a secure storage area of the terminal device so that comparison may be performed when identity authentication is required The operation of storing the random number and the verification password may be performed after detection by a preset secure detection program. A secure storage area, for example, may be a storage area where restriction or encryp tion of the access authority is implemented. In addition, the random number and Verification password may also be stored by an existing or possible future security technique, which is not intended to be limited by the present disclosure In step S202, when a user is required to input a password, the terminal device displays selectable authentica tion images to the user, so that the user may select an image from the displayed images. In some embodiments, the authentication images may be randomly selected from all images in the terminal device and may be randomly arranged on a display of the terminal device As shown in FIG. 2, an application program may obtain all images from a terminal device for random arrange ment, or randomly select a Subset of the images for arrange ment as authentication images to a user, where the authenti cation images include a password image used for setting a Verification password In some embodiments, the image preset as a pass word image may be placed at a random position in the authen tication images. In other embodiments, the image preset as a password image may be placed at the first page or the first few pages of the authentication images so that a user may conve niently find the image In step S203, the terminal device receives an authen tication image selected by the user. For example, a user may select the image preset as a password image from the authen tication images to perform identity authentication In step S204, the terminal device acquires a pass word to be verified based on the authentication image selected by a user and a pre-stored hash key For example, a pre-stored random number may be acquired as a hash key, and a hash operation may be per formed according to the hash key and the image, thereby obtaining the password to be verified. The hash operation herein may be the same as a hash algorithm used when a Verification password is set, and thus a password to be verified may be the same as a preset verification password where an image selected by a user is the same as a password image used when a password is set In step S205, the terminal device acquires a preset Verification password and compares the preset verification password with the password to be verified to obtain a user identity authentication result. If the password to be verified is consistent with the preset verification password, identity authentication may be determined to be successful. Other wise, identity authentication may be determined to fail In some embodiments, a backup character string password may be preset. When a user forgets or deletes the image for verification, the user may be prompted to input a character string for verifying identity. Identity authentication may be performed according to a preset character string pass

9 US 2016/ A1 Sep. 8, 2016 word, and the password image and the verification password may be reset after authentication is passed. For example, a password image may be reselected according to step S201, and an updated verification password may be generated. Other types of identity authentication methods, such as per forming verification by other pre-bound devices, may also be used when a user fails to input a correct password image. Other alternative identity authentication methods known to a person skilled in the art will not be described herein In step S206, the terminal device resets the verifica tion password if user identity authentication is passed When a user desires to change a password image, the user may be first required to pass the above identity authentication. After the authentication is passed, the user may start a password modification process. For example, the user may reselect a password image according to step S201 to update a verification password In the method 300 described above, a hash key and a verification password may be generated by a preset pass word image. In the course of verification, a password may be generated based on an authentication image selected by a user and a pre-stored hash key, and be compared with a preset verification password to verify user identity. The user is required to select, from randomly arranged authentication images, an authentication image used when a verification password is set to complete identity authentication, thereby providing simple and convenient operation. Moreover, a password image may be memorized conveniently by the user. Further, selectable authentication images may be randomly arranged in the course of verification, so as to prevent viruses Such as Trojan horses from probing the user input, thereby improving the password security. In addition, when a user forgets a password image or the password image is deleted, identity authentication may also be performed by other alter native methods so that a verification password may be reset, thereby improving the identity authentication efficiency FIG. 4 is a block diagram of an exemplary apparatus 400 for user identity authentication, consistent with some embodiments of this disclosure. Referring to FIG. 4, the apparatus 400 includes a receiving module 410, an acquiring module 420, and a verification module ) The receiving module 410 is configured to receive an authentication image selected by a user. For example, as shown in FIG.2, authentication images may be obtained from a terminal device by an application program. The obtained images may be used as authentication images which are then displayed to a user (e.g., on a display of the terminal device), and the user may select the authentication image that is preset as a password image from the displayed images to perform identity authentication In some embodiments, the authentication images may be randomly selected from all images stored in a terminal device and may be randomly arranged on a display of the terminal device The authentication image preset as a password image may be placed at a random position in the displayed images. In some implementations, the password image may be placed at the first page or the first few pages of all displayed authentication images so that a user may conveniently find the image The acquiring module 420 is configured to acquire a password to be verified based on the selected authentication image. In some embodiments, the acquiring module 420 may acquire a pre-stored random number as a hash key, and per form a hash operation based on the hash key and the image selected by a user, thereby obtaining a password to be veri fied The verification module 430 is configured to acquire a preset verification password and compare the preset verifi cation password with the password to be verified to obtain a user identity authentication result. If the password to be veri fied is consistent with the preset verification password, the verification module 430 may determine the identity authen tication to be successful. Otherwise, the verification module 430 may determine the identity authentication to fail FIG. 5 is a block diagram of another exemplary apparatus 500 for user identity authentication, consistent with some embodiments of this disclosure. Referring to FIG. 5, the apparatus 500 includes a receiving module 410, an acquiring module 420, a verification module 430, an initializing module 540, a storing module 550, a display module 560, and a resetting module 570. The acquiring module 420 includes a first acquiring Submodule 521 and a first processing Submod ule The initializing module 540 is configured to set the verification password. As shown in FIG. 5, the initializing module 540 includes a second acquiring submodule 541, a generating Submodule 542, and a second processing Submod ule 543. The second acquiring submodule 541 is configured to acquire an authentication image selected by a user for verification. The generating submodule 542 is configured to generate a random number. The second processing Submod ule 543 is configured to use the random number as a hash key, and perform a hash operation based on the hash key and the authentication image selected by the user to obtain a verifi cation password In some embodiments, an application program may obtain all images from a terminal device and display the images to a user in a randomly arranged manner to allow the user to select one image as a password image. The generating Submodule 542 may be configured to generate a random number according to the password image. The second pro cessing Submodule 543 may be configured to use the random number as a hash key, and generate averification password by the hash key and a preset hash algorithm (e.g., SHA-256 algorithm and the like) The storing module 550 is configured to store the random number and the Verification password. The storing module 550 may be configured to securely store the random number and the generated verification password in a secure storage area of the terminal device, so that comparison may be performed for identity authentication The operation of storing the random number and the verification password may be performed after detection by a preset secure detection program. A secure storage area, for example, may be a storage area where restriction or encryp tion of the access authority is implemented. In addition, the random number and Verification password may also be stored by an existing or possible future security technique, which is not intended to be limited by the present disclosure The display module 560 is configured to display selectable authentication images to a user when the user is required to input a password, so that the user may select an authentication image from the displayed images. The authen tication images may be randomly selected from a Subset of or all images in the terminal device and may be randomly arranged. As shown in FIG. 2, the display module 560 may obtain all images from a terminal device for random arrange

10 US 2016/ A1 Sep. 8, 2016 ment, or randomly select a Subset of the images for arrange ment as authentication images which are then displayed to a user, where the authentication images include a password image used for setting a verification password In some embodiments, the display module 560 may be configured to place the image preset as a password image at a random position in the displayed images. In other embodiments, the image preset as a password image may be placed at the first page or the first few pages of the authenti cation images so that a user may conveniently find the image In some embodiments, the authentication images may be transmitted in real time via networks, such as mobile data networks, WiFi, Bluetooth, infrared transmission, and so on. In some embodiments, when authentication images are transmitted in real time via networks, the source of the authentication images may be designated by users. A terminal device may be configured to start a corresponding function for receiving the network images. For example, a user may enable an image receiving function of the terminal device, Such that images may be transmitted in real time via the mobile data network The first acquiring submodule 521 is configured to acquire a pre-stored hash key after receiving an authentica tion image selected by a user. The first processing Submodule 522 is configured to performahash operation according to the hash key and the received image to obtain the password to be Verified. The hash operation may be the same as a hash algo rithm used for setting the verification password. Such that a password to be verified may be the same as the preset verifi cation password when the authentication image selected by a user is the same as the password image used to set the verifi cation password The resetting module 570 is configured to reset the Verification password after user identity authentication is passed. When a user desires to replace a password image, the user may be first required to pass the above identity authen tication. After the authentication is passed, the resetting mod ule 570 may be configured to start a password modification process and prompt the user to reselect a password image so as to update a verification password In some embodiments, a backup character string password may be preset. When a user forgets or deletes the password image, the verification module 430 may be config ured to authenticate the user according to a preset character string, and reset the Verification password after authentication is passed. Other types of identity authentication methods, Such as performing verification by other pre-bound devices, may also be used when a user fails to input a correct password image. Other alternative identity authentication methods known to a person skilled in the art will not be described herein In exemplary embodiments, a non-transitory com puter-readable storage medium including instructions is also provided, and the instructions may be executed by a device (such as a client terminal, a personal computer, or the like), for performing the above-described methods. The above-de scribed methods may be implemented in a distributed com puting environment, where one or more steps may be executed by a remote processing device connected through a network. The instructions executable by a device for perform ing the above-described methods may be stored in a local non-transitory computer-readable storage medium or in a computer-readable storage medium located in a remote device It should be noted that, the relational terms herein such as first and second are used only to differentiate an entity or operation from another entity or operation, and do not require or imply any actual relationship or sequence between these entities or operations. Moreover, the words comprising. having. containing, and including, and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of Such item or items, or meant to be limited to only the listed item or items The illustrated steps in the above-described figures are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological develop ment will change the manner in which particular functions are performed. Thus, these examples are presented herein for purposes of illustration, and not limitation. For example, steps or processes disclosed herein are not limited to being performed in the order described, but may be performed in any order, and some steps may be omitted, consistent with disclosed embodiments One of ordinary skill in the art will understand that the above described embodiments may be implemented by hardware, or Software (program codes), or a combination of hardware and software. If implemented by software, it may be stored in the above-described computer-readable media. The software, when executed by the processor may perform the disclosed methods. If implemented by hardware, the above described embodiments may be implemented by one of the following techniques known in the art or a combination thereof: a discrete logic circuit having a logic gate circuit for realizing a logic function of a data signal, an application specific integrated circuit having an appropriate combination logic gate circuit, a programmable gate array (PGA), a field programmable gate array (FPGA), etc. The computing units and the other functional units described in this disclosure may be implemented by hardware, or software, or a combination of hardware and software. One of ordinary skill in the art will also understand that multiple ones of the above described modules/units may be combined as one module/unit, and each of the above described modules/units may be further divided into a plurality of sub-modules/sub-units Other embodiments of the invention will be appar ent to those skilled in the art from consideration of the speci fication and practice of the invention disclosed here. This application is intended to cover any variations, uses, or adap tations of the invention following the general principles thereof and including such departures from the present dis closure as come within known or customary practice in the art. It is intended that the specification and examples be con sidered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims It will be appreciated that the present invention is not limited to the exact construction that has been described above and illustrated in the accompanying drawings, and that various modifications and changes may be made without departing from the scope thereof. It is intended that the scope of the invention should only be limited by the appended claims. What is claimed is: 1. A method for user identity authentication, comprising: receiving an authentication image selected by a user; acquiring, based on the authentication image, a password to be verified;

11 US 2016/ A1 Sep. 8, 2016 acquiring a preset verification password; and comparing the Verification password with the password to be verified to obtain a user identity authentication result. 2. The method of claim 1, wherein acquiring the password to be verified comprises: acquiring a pre-stored hash key; and performing a hash operation based on the hash key and the authentication image to obtain the password to be veri fied. 3. The method of claim 1, further comprising setting the Verification password before receiving the authentication image. 4. The method of claim 3, wherein setting the verification password comprises: acquiring a password image selected by the user; generating a random number as a hash key; and performing a hash operation according to the hash key and the password image to obtain the verification password. 5. The method of claim 1, further comprising: displaying a plurality of selectable authentication images on a display of a terminal device before receiving the authentication image selected by the user. 6. The method of claim 1, further comprising: after obtaining the user identity authentication result, reset ting the verification password if user identity authenti cation is passed. 7. The method of claim 1, further comprising: authenticating the user according to a preset character String; and resetting the verification password after authentication is passed. 8. An apparatus for user identity authentication, compris ing: a receiving module configured to receive an authentication image selected by a user; an acquiring module configured to acquire, based on the authentication image, a password to be verified; and a verification module configured to: acquire a preset verification password; and compare the verification password with the password to be verified to obtain a user identity authentication result. 9. The apparatus of claim 8, wherein the acquiring module comprises: a first acquiring Submodule configured to acquiring a pre stored hash key; and a first processing Submodule configured to perform a hash operation based on the hash key and the authentication image to obtain the password to be verified. 10. The apparatus of claim 8, further comprising an initial izing module configured to set the verification password before receiving the authentication image. 11. The apparatus of claim 10, wherein the initializing module comprises: a second acquiring Submodule configured to acquire a password image selected by the user; a generating Submodule configured to generate a random number as a hash key; and a second processing Submodule configured to perform a hash operation according to the hash key and the pass word image to obtain the Verification password. 12. The apparatus of claim 8, further comprising a display module configured to display a plurality of selectable authen tication images on a display of a terminal device before the receiving module receives the authentication image selected by the user. 13. The apparatus of claim8, further comprising a resetting module configured to: after obtaining the user identity authentication result, reset the verification password if user identity authentication is passed. 14. The apparatus of claim8, wherein the verification mod ule is further configured to authenticate the user according to a preset character String and reset the verification password after authentication is passed. 15. A non-transitory computer-readable storage medium having stored therein instructions that, when executed by a processor in a device, cause the device to perform operations including: receiving an authentication image selected by a user; acquiring, based on the authentication image, a password to be verified; acquiring a preset verification password; and comparing the verification password with the password to be verified to obtain a user identity authentication result. 16. The non-transitory computer-readable storage medium of claim 15, wherein acquiring the password to be verified comprises: acquiring a pre-stored hash key; and performing a hash operation based on the hash key and the authentication image to obtain the password to be veri fied. 17. The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise setting the verification password before receiving the authentication image. 18. The non-transitory computer-readable storage medium of claim 17, wherein setting the verification password com prises: acquiring a password image selected by the user; generating a random number as a hash key; and performing a hash operation according to the hash key and the password image to obtain the verification password. 19. The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise: after obtaining the user identity authentication result, reset ting the verification password if user identity authenti cation is passed. 20. The non-transitory computer-readable storage medium of claim 15, wherein the operations further comprise: authenticating the user according to a preset character String; and resetting the verification password after authentication is passed.